Check Point detects 10,000 sellers of fake vaccine certificates

QR links to spoofed European Centre for Disease Prevention and Control website
AFP/JOEL SAGET  -   Passport COVID-19

Check Point Research has detected a worrying increase in the number of sellers of fake vaccination certificates. On 10 August, approximately 1,000 sellers claiming to offer fake certificates were spotted on Telegram and, in just one month, that number has increased tenfold to 10,000.

As early as December 2020, CPR detected hundreds of advertisements on the Darknet offering vaccines for sale, and they grew by 400% compared to the previous months. In March 2021, as the global roll-out of COVID-19 vaccines began to accelerate, the number of offers tripled, with outlets mainly in the US and European countries such as Spain, Germany, France and Russia. Prices for fake "vaccine passports" were $250 each, while fake negative COVID-19 test results cost $25.

A bot in Telegram that creates fake certificates for free

This is not the first time researchers have reported this global trend: since the pandemic began in 2020, the growth of this "industry" has been monitored. However, it seems that as the pandemic reaches new peaks, so does this market, as it continues to improve its capabilities, expand its distribution and increase its followers.

Cybercriminals are now using new techniques to sell more. For example, in Austria, a bot in Telegram has been discovered that creates fake certificates for free. The user only has to fill in the relevant details, and a PDF file with those details filled in is shared with them, as in the attached case: a negative PCR test.

A QR code shows a link to the fake European database

An additional new technique used by sellers of fake vaccine certificates has also been discovered. A large number of them claim to have access to a European database of vaccinated persons, which they refer to as the European Centre for Disease Prevention and Control. They claim that potential buyers can register there and that, if someone checks it later, they would find that the buyer has been registered as a vaccinated person.

If the buyer is not careful enough to check the details on the website, they might think that it is a genuine website and a real database, and that they are registered as vaccinated, which is clearly not the case. Researchers at Check Point Research have detected a URL embedded in the QR code received from the seller; the QR code links to the fake European database.
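The check a careful inspector would make on such a QR link can be automated. The following is an added example, not taken from Check Point's report: it validates the host of a URL decoded from a QR code against an allow-list. The names `check_qr_url` and `TRUSTED_HOSTS` are hypothetical, the allow-list policy is an assumption, and every sample URL is constructed.

```python
from urllib.parse import urlsplit

# Assumption: hosts this verifier trusts. ecdc.europa.eu is the ECDC's own site;
# an operator would list its official verification portals here instead.
TRUSTED_HOSTS = {"ecdc.europa.eu"}

def check_qr_url(url, trusted=TRUSTED_HOSTS):
    """Return (ok, reason) for a URL decoded from a certificate QR code."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        # In https://trusted-name@other-host/ the real host is other-host.
        return False, "userinfo present before '@'"
    if port not in (None, 443):
        return False, "non-standard port"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Strict policy (assumption): no internationalised names at all.
        return False, "internationalised host (possible homograph)"
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return True, "host is on the allow-list"
    return False, "host not on the allow-list"

# Constructed samples: one genuine-looking link and common lookalike patterns.
SAMPLES = [
    "https://www.ecdc.europa.eu/en/covid-19",
    "https://ecdc.europa.eu.verify-pass.example/record?id=1",  # trusted name as prefix
    "https://ecdc.europa.eu@verify-pass.example/",             # trusted name as userinfo
    "http://ecdc.europa.eu/",                                  # no TLS
    "https://ecd\u0441.europa.eu/",                            # Cyrillic 'es' for 'c'
]

def triage(urls=SAMPLES):
    """Map each URL to its (ok, reason) verdict."""
    return {u: check_qr_url(u) for u in urls}

if __name__ == "__main__":
    for u, (ok, why) in triage().items():
        print("ACCEPT" if ok else "REJECT", repr(u), "-", why)
```

A host check only tells the inspector where the link leads; it does not establish that the certificate itself is genuine.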

"As we continue to monitor the black market where fake COVID-19 vaccine certificates are sold, the Check Point Research (CPR) team has discovered a new technique: the alleged access to the website of the European Centre for Disease Prevention and Control, which stores the data of vaccinated people across Europe. This is absolutely false," explains Eusebio Nieva, technical director of Check Point Software for Spain and Portugal.

AFP/ALEXANDER NEMENOV - The Telegram app, installed on a Smartphone

In Check Point Software's latest report, in August 2021, fake "vaccination passport" certificates were being sold for between $100 and $120, with most of these cybercriminals coming from European countries. Currently, the EU digital COVID certificate, CDC and NHS COVID-19 vaccine cards, and fake COVID-19 PCR tests can also be found. The number of ad groups and their size have multiplied by 100% since the beginning of 2021.

The more need and demand grow, the more cybercriminals will expand their activities. Today, sellers are known to offer fake certifications from many more countries, including Italy, France, Spain, Portugal, Germany, Belgium, the Netherlands, Greece, Finland, Romania, Russia, Bulgaria, Switzerland, Austria, Poland, Czech Republic, Latvia, Ireland, Malta, the UK and Ukraine.

"The sellers send fake documentation from a fake website of the European Centre for Disease Prevention and Control, which could pass as legitimate at a border control or at the entrance of a shop. Our team discovered a URL embedded in a QR code, which shows a link to the fraudulent database. Not only do unvaccinated people have easy and cheap access to fake documents, but these documents also appear to link to websites that look credible, making it even easier for fraudsters to slip through the net. Until there is international collaboration between governments and a common, unified global database to verify legitimate certificates, this will continue to cause problems and undermine efforts to control the pandemic," warns Eusebio Nieva.

PHOTO - COVID Passport

Recommendations for awareness-raising

Authentic health-related certificates are not sold online. Anyone offering to sell such documents online is clearly doing so illegally. It is recommended not to engage with cybercriminals who post on such groups or marketplaces anywhere on the web.

Each country should internally manage a central register of evidence and vaccinated persons, which can and should be securely shared between relevant authorised bodies within the country.

All "green passes" and vaccination certificates should be securely managed and encrypted by the relevant official bodies within each country, and should carry a QR code that can be scanned for authentication purposes.

Countries should cooperate and share information regarding this data and create a secure file with encryption keys to allow people to move around using only legitimate certificates and to be able to detect fake ones.